Bugtraq mailing list archives
Advisory: exmh symlink vulnerability
From: "Stanley G. Bubrouski" <stan () CCS NEU EDU>
Date: Sun, 31 Dec 2000 15:32:40 -0500
Author: Stan Bubrouski (stan () ccs neu edu) Date: December 31, 2000 Package: exmh Versions affected: 2.2 and probably previous versions. Severity: A malicious local user could use a symlink attack to overwrite any file writable by the user executing exmh. Problem: When exmh detects a problem at startup (or possibly other times, I don't have time to investigate) it encounters errors in its code or configuration an error dialog comes up asking the user what happened and giving them the option to fill in an explanation and click a button to send the bug report via e-mail to the maintainer. If the user does attempt to e-mail the maintainer a file named /tmp/exmhErrorMsg is created and if the file exists and is a symlink it will follow the symlink allowing local files to be overwritten depending on the user running exmh. Solution: There are no known solutions at this time. Copyright 2000 Stan Bubrouski -- Stan Bubrouski stan () ccs neu edu 316 Huntington Ave. Apt #676, Boston, MA 02115 (617) 377-7222
Current thread:
- Advisory: exmh symlink vulnerability Stanley G. Bubrouski (Jan 02)